0 Day, or Zero Day, refers to a type of malware which attacks a computer or application by exploiting vulnerabilities that the developer of that application does not yet know about. In traditional sense, 0 Day refers to the first day that a developer notices a vulnerability in an application he/she created and begins creating a fix for that vulnerability. Therefore, 0 Day attacks can theoretically be carried out any time between the release of the application and the discovery of the vulnerability by the developer.
How 0 Day Attacks Works
In a typical 0 Day attack cycle, a developer will release an application to the public that has a vulnerability the developer doesn’t know about. 0 Day attackers will then discover this vulnerability, create malware that exploits it, and distribute the malware to the public. Eventually, the developer will then notice the vulnerability, create a fix for it, and distribute the fix to the public.
Due to the large number of applications released each year, new 0 Day attacks can theoretically be carried out every day and may last for years at a time before the developer notices the vulnerability in his/her application. For example, the Microsoft confirmed a vulnerability of Internet Explorer in 2008, while the program was released in 2001. This means that 0 Day attacks could have potentially been carried out for up to 7 years before the vulnerability was fixed.